W32.Temphid!lnk

W32.Temphid!lnk is a detection for malicious .lnk files created by W32.Temphid. W32.Temphid!lnk is usually found on removable USB drives of the infected computer. The link file spreads itself by exploiting an operating system weakness known as the Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution Vulnerability.

Alias: Troj/Cplink-A, LNK_STUXNET.A, W32.Temphid!lnk, Stuxnet!lnk

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
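
For triaging a removable drive that may carry such shortcut files, the following is an added example, not part of the original write-up or of any vendor tool. It inventories .lnk files at the top level of a drive by reading them as raw bytes, validates the Shell Link header, and hashes each file so it can be checked against an anti-virus vendor. The Control Panel CLSID marker is an assumed review heuristic that does not come from this page, and all function names are hypothetical.

```python
import hashlib
import struct
import uuid
from pathlib import Path

HEADER_SIZE = 0x4C  # fixed ShellLinkHeader size in the Shell Link format
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
# Assumption (not from the page): Control Panel shell-folder CLSID as a review marker.
CONTROL_PANEL = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
HAS_ID_LIST = 0x01  # LinkFlags bit 0: a LinkTargetIDList follows the header


def inspect_lnk(data):
    """Return header facts for a Shell Link blob, or None if it is not one."""
    if len(data) < HEADER_SIZE:
        return None
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return None
    id_list = b""
    if flags & HAS_ID_LIST and len(data) >= HEADER_SIZE + 2:
        (length,) = struct.unpack_from("<H", data, HEADER_SIZE)
        id_list = data[HEADER_SIZE + 2:HEADER_SIZE + 2 + length]
    return {"flags": flags, "control_panel_target": CONTROL_PANEL in id_list}


def triage_root(root):
    """Inventory .lnk files at the top level of root, reading bytes only."""
    findings = []
    for path in sorted(Path(root).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".lnk":
            continue
        data = path.read_bytes()
        info = inspect_lnk(data)
        findings.append({"name": path.name,
                         "sha256": hashlib.sha256(data).hexdigest(),
                         "valid_shell_link": info is not None,
                         "review": bool(info and info["control_panel_target"])})
    return findings


def constructed_lnk(id_list=b""):
    """Constructed sample: header with zeroed fields, not a working shortcut."""
    flags = HAS_ID_LIST if id_list else 0
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags)
    body = struct.pack("<H", len(id_list)) + id_list if id_list else b""
    return header.ljust(HEADER_SIZE, b"\0") + body
```

Call `triage_root()` with the drive's mount point from an analysis machine. Entries with `review` set are candidates for a closer look and an anti-virus scan, not confirmed detections.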

How to Remove W32.Stuxnet!lnk:

FIRST AID TO STOP W32.Stuxnet!lnk:
If this virus has infected the system, the registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before the system was infected with W32.Stuxnet!lnk, restore Windows to that previous configuration.

REMOVAL TOOL for W32.Stuxnet!lnk:
1. Temporarily disable System Restore in Windows XP and Windows ME.

Note: You must have administrative privileges to disable System Restore on Windows XP. It is advised to enable it again after this procedure.

a) On the Desktop, right-click My Computer.
b) Select the System Restore tab.
c) Mark “Turn Off System Restore” to disable it; unmark it to enable it.
d) Click Apply at the bottom of the dialog box to save the settings.
e) A message “This deletes all existing restore points” will appear; click Yes to disable.
f) Click OK.

2. Download Sysclean by Trend Micro and save it to a directory on your Desktop.

3. Download the latest Trend Micro pattern files and save them to the same location as Sysclean. The pattern file is in Zip format, such as lptxxx.zip (AS/400, S/390, Windows).

4. Extract the contents of lptxxx.zip into the folder where Sysclean is located.

5. Reboot Windows in Safe Mode.

a) During the boot process, press F8 continuously until the selection menu appears.
b) Use the Up and Down arrow keys to select Safe Mode on the selection menu.
c) Hit Enter to proceed.

6. If you are required to log in, use an account with administrative rights. Without this privilege, Sysclean will not delete/clean infected files located in the System folder.

7. Browse to the Sysclean folder on your Desktop and double-click Sysclean to run it and do a full system scan. This may take time. Reboot when finished, and repeat as desired to make sure that all threats are removed.

MANUAL REMOVAL OF W32.Stuxnet!lnk:
1. Update the installed anti-virus application so that it has the latest definition file.
2. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.

3. Thoroughly scan the system and clean/delete all infected file(s).
4. Exit registry editor and restart Windows.

ADDITIONAL TOOLS AND PROGRAMS:

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that other infected files not detected by the anti-virus application can be removed as well. Click here to download and run SAS Portable Scanner.

What to do next...